Trust Assessment
apple-reminders received a trust score of 81/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. The key findings are a potential command injection via `remindctl` arguments (high) and an unpinned `remindctl` dependency installed via Homebrew (medium).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 18, 2026 (commit b62bd290). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Potential Command Injection via remindctl arguments.** The skill's documentation illustrates the use of the `remindctl` CLI tool, passing user-provided strings (e.g., reminder titles, list names, dates) as arguments. If the LLM agent constructs shell commands by directly interpolating unsanitized user input into these `remindctl` arguments, an attacker could inject arbitrary shell commands. For example, if a user provides a reminder title like `"My reminder"; rm -rf /` and this string is used verbatim in a shell command, the host would execute `rm -rf /`. The LLM agent must strictly sanitize or shell-escape all user-provided input before passing it as an argument to `remindctl`. Implement robust input validation and use a shell-escaping mechanism (e.g., `shlex.quote` in Python), or pass arguments as an argv list rather than through a shell, to prevent command injection. | LLM | SKILL.md:63 |
| MEDIUM | **Unpinned `remindctl` dependency via Homebrew.** The skill's manifest installs `remindctl` via Homebrew (`brew install steipete/tap/remindctl`). Homebrew installations typically fetch the latest version of a formula without specifying a fixed version, so future updates to `remindctl` could introduce breaking changes, vulnerabilities, or even malicious code without the skill author explicitly vetting the update. This creates a supply chain risk: the skill's security and stability depend on the continued integrity of the `remindctl` project and its Homebrew tap. If possible, specify a fixed version or a version range for the `remindctl` dependency to ensure reproducibility and prevent unexpected changes, and regularly audit the upstream `remindctl` project for security vulnerabilities. If Homebrew does not support version pinning for this formula, consider an alternative installation method or add a checksum verification step for the installed binary. | LLM | Manifest (frontmatter JSON) |
Full report: https://skillshield.io/report/8f72fcdb23e20210